79 research outputs found
Formal Reasoning Using an Iterative Approach with an Integrated Web IDE
This paper summarizes our experience in communicating the elements of
reasoning about correctness, and the central role of formal specifications in
reasoning about modular, component-based software using a language and an
integrated Web IDE designed for the purpose. Our experience in using such an
IDE, supported by a 'push-button' verifying compiler in a classroom setting,
reveals the highly iterative process learners use to arrive at suitably
specified, automatically provable code. We explain how the IDE facilitates
reasoning at each step of this process by providing human readable verification
conditions (VCs) and feedback from an integrated prover that clearly indicates
unprovable VCs to help identify obstacles to completing proofs. The paper
discusses the IDE's usage in verified software development using several
examples drawn from actual classroom lectures and student assignments to
illustrate principles of design-by-contract and the iterative process of
creating and subsequently refining assertions, such as loop invariants in
object-based code.
Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
On Deciding Local Theory Extensions via E-matching
Satisfiability Modulo Theories (SMT) solvers incorporate decision procedures
for theories of data types that commonly occur in software. This makes them
important tools for automating verification problems. A limitation frequently
encountered is that verification problems are often not fully expressible in
the theories supported natively by the solvers. Many solvers allow the
specification of application-specific theories as quantified axioms, but their
handling is incomplete outside of narrow special cases.
In this work, we show how SMT solvers can be used to obtain complete decision
procedures for local theory extensions, an important class of theories that are
decidable using finite instantiation of axioms. We present an algorithm that
uses E-matching to generate instances incrementally during the search,
significantly reducing the number of generated instances compared to eager
instantiation strategies. We have used two SMT solvers to implement this
algorithm and conducted an extensive experimental evaluation on benchmarks
derived from verification conditions for heap-manipulating programs. We believe
that our results are of interest to both the users of SMT solvers as well as
their developers.
Control Flow Analysis for SF Combinator Calculus
Programs that transform other programs often require access to the internal
structure of the program to be transformed. This is at odds with the usual
extensional view of functional programming, as embodied by the lambda calculus
and SK combinator calculus. The recently-developed SF combinator calculus
offers an alternative, intensional model of computation that may serve as a
foundation for developing principled languages in which to express intensional
computation, including program transformation. Until now there have been no
static analyses for reasoning about or verifying programs written in
SF-calculus. We take the first step towards remedying this by developing a
formulation of the popular control flow analysis 0CFA for SK-calculus and
extending it to support SF-calculus. We prove its correctness and demonstrate
that the analysis is invariant under the usual translation from SK-calculus
into SF-calculus.
Comment: In Proceedings VPT 2015, arXiv:1512.0221
Automatic Program Instrumentation for Automatic Verification (Extended Technical Report)
In deductive verification and software model checking, dealing with certain
specification language constructs can be problematic when the back-end solver
is not sufficiently powerful or lacks the required theories. One way to deal
with this is to transform, for verification purposes, the program to an
equivalent one not using the problematic constructs, and to reason about its
correctness instead. In this paper, we propose instrumentation as a unifying
verification paradigm that subsumes various existing ad-hoc approaches, has a
clear formal correctness criterion, can be applied automatically, and can
transfer back witnesses and counterexamples. We illustrate our approach on the
automated verification of programs that involve quantification and aggregation
operations over arrays, such as the maximum value or sum of the elements in a
given segment of the array, which are known to be difficult to reason about
automatically. We formalise array aggregation operations as monoid
homomorphisms. We implement our approach in the MonoCera tool, which is
tailored to the verification of programs with aggregation, and evaluate it on
example programs, including SV-COMP programs.
Comment: 36 page
Ranking LLM-Generated Loop Invariants for Program Verification
Synthesizing inductive loop invariants is fundamental to automating program
verification. In this work, we observe that Large Language Models (such as
gpt-3.5 or gpt-4) are capable of synthesizing loop invariants for a class of
programs in a 0-shot setting, yet require several samples to generate the
correct invariants. This can lead to a large number of calls to a program
verifier to establish an invariant. To address this issue, we propose a
re-ranking approach for the generated results of LLMs. We have designed a
ranker that can distinguish between correct inductive invariants and incorrect
attempts based on the problem definition. The ranker is optimized as a
contrastive ranker. Experimental results demonstrate that this re-ranking
mechanism significantly improves the ranking of correct invariants among the
generated candidates, leading to a notable reduction in the number of calls to
a verifier.
Comment: Findings of The 2023 Conference on Empirical Methods in Natural
Language Processing (EMNLP-findings 2023